Home BusinessThe Fed’s new money laundering rule has a built-in loophole

The Fed’s new money laundering rule has a built-in loophole

by OmarAli
The Fed's new money laundering rule has a built-in loophole

The Federal Reserve has released a sweeping proposal to reformulate the way it oversees anti-money laundering and counterterrorism financing (AML/CFT) programs at the banks it oversees.

The Federal Reserve has released a sweeping proposal to reformulate the way it oversees anti-money laundering and counterterrorism financing (AML/CFT) programs at the banks it oversees.

Getty Images

According to the UN Office on Drugs and Crime, between $800 and $2 trillion in dirty money flows through the global financial system every year – and authorities manage to freeze less than 1% of it. Banks are the pipeline. The 2020 FinCEN Files leak, which exposed $2 trillion worth of transactions internally flagged as suspicious but still processed, made this uncomfortably clear. When the Federal Reserve released a sweeping proposal on July 7 to reformulate the way it oversees anti-money laundering and counterterrorism financing (AML/CFT) programs at the banks it oversees, the stakes were never in question. The question is whether the rule actually raises the bar – or quietly lowers it.

The Fed’s proposal

The proposal, which spans 20 pages in the Federal Register and was developed alongside parallel rules by FinCEN, the OCC, the FDIC and the NCUA, is touted as a modernization measure required by the 2020 Anti-Money Laundering Act. At its heart is a new two-part test: banks must “implement” an AML/CFT program and separately “maintain” it by implementing that program “in all material respects.” This distinction sounds like bureaucratic hair-splitting, but it does real work. Under the proposed framework, once a bank has properly constructed a program, the Fed would bring an enforcement action or a “significant” supervisory action only for implementation failures that are “significant or systemic” — not isolated or technical failures.

The problem is that no one, including the Fed, can yet say what “significant or systemic” means. The rule doesn’t define it. The preamble doesn’t define it. And in its own request for public comment, the board asks whether “clarification is needed to allow banks to determine what constitutes a ‘significant or systemic error’.” That means a regulator builds the central trigger for its own enforcement power and then asks the public to find out what that means.

This is not a side argument. Federal Reserve Board Governor Michael Barr said in a statement refusing to support the proposal, saying he could not vote for it “because it establishes a new, undefined standard for issuing matters requiring attention and for enforcement actions.” When a sitting governor says the agency may not be able to enforce its own rules, that’s not a technical footnote — that’s the whole game.

There is also a second problem: the proposal relies heavily on banks assessing their own homework. It directs institutions to allocate compliance personnel and technology according to their own risk assessment and specifically cautions examiners not to substitute their judgment for a bank’s resource allocation decisions. The Fed’s reasoning is that banks understand their own customer base better than auditors, which is true. But nothing in the rule sets a floor – no minimum staffing benchmarks, no external verification of whether a bank’s “reasonably designed” risk assessment is truly rigorous or just cheap. A bank that does not wish to adequately allocate compliance resources has every reason to classify a risky business unit as low risk in its own internal assessment, and the proposal gives auditors limited scope to take remedial action once that self-assessment is on paper.

The Fed’s cost-benefit calculation adds to the concern. The regulatory impact analysis assumes that banks are “largely already in compliance” with the new requirements and does not forecast a significant increase in ongoing compliance costs. That’s an odd claim in the context of a rule the Fed describes elsewhere as a fundamental overhaul of AML/CFT supervision. Either the rule largely formalizes what banks are already doing – in which case it is unclear what problem it solves – or the cost estimate underestimates what banks will actually have to spend on redesigning the governance and documentation around the new establish/maintain framework. Analysis does not resolve what is true.

There is also a coordination gap. The parallel proposal from the OCC, FDIC, and NCUA includes a requirement that these agencies notify FinCEN in advance before initiating any significant enforcement action, so that the agency that actually administers the Bank Secrecy Act can intervene first. The Fed’s version does not include this test – the board simply asks whether it should be. Until this is resolved, banks supervised by the Fed will be subject to different enforcement protections than banks supervised by their sister agencies, undermining the very consistency the rule is supposed to ensure.

Global AML fines are declining

None of this happens in a vacuum. In 2025, global AML fines fell for the second straight day, and according to at least one industry observer, it was the first year in over two decades that no U.S. bank faced a major AML penalty – even as prosecutions against crypto exchanges and fintechs increased. Analysts attribute the shift in part to staff cuts and changing priorities among regulators, rather than banks suddenly improving their compliance. Cumulative AML-related penalties against financial institutions since the 2007-2008 crisis total around $69 billion – a large number in isolation, but a rounding error given the trillions that are believed to flow illegally through the system each year. Fines of this magnitude seem less like a deterrent and more like a cost of doing business.

Responsibility is not defined

None of this means the Fed’s underlying instincts are wrong. Encouraging banks to focus their scarce compliance resources on truly high-risk customers, rather than drowning auditors and compliance officers in substandard paperwork, is a defensible modernization goal that banks have quietly been striving for for years. But risk-based flexibility and enforceable accountability should not be a compromise; They should travel together. As written, the proposal initially gives banks flexibility and leaves undefined the accountability mechanism, to be developed later as part of the same comment process that is intended to address the issue now.

Public comment period

The board is accepting public comments until September 8th. Whether the final rule closes the loophole highlighted by Barr – or merely codifies it – will determine whether this “modernization” makes it more difficult to launder money in the financial system or simply makes it harder to catch someone doing it.

Forbes article by Mayra Rodriguez Valladares

Testimony of this author before Congress

Prioritizing Main Street: Assessing the Impact of Capital Proposals on Economic Growth and American Communities

Strengthening Federal Reserve Accountability: Lessons and Opportunities for Reform

A Holistic Review of Regulators: Regulatory Overreach and Economic Consequences

Dealing with climate as a systemic risk: The need to strengthen the resilience of our banking and financial system

https://www.forbes.com/sites/mayrarodriguezvalladares/2026/07/09/the-feds-new-money-laundering-rule-has-a-loophole-built-in/

Viral Trends

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More